Kriss Andsten wrote:
> 
> Or, you could just encap the same data in say, five, DNS requests during
> each 24 hour period..

If all you're doing is stealing the bandwidth of 5 DNS requests in a
day, tunnel away!

> Sure, takes a bucketload of time, but I dare bet a fiver it's nigh to
> undetectable using normal tools.
> 
> So, I still say that if a network is connected to the Internet, in any
> fashion, it's quite possible to tunnel data (in various amounts, granted)
> to and from it in a stealthy fashion, if there's a cooperative party on
> the inside.

I won't dispute that. But that's a hell of a lot of effort to go to, and
you would have to have a really good reason. Like stealing company
secrets - which in most cases, given your cooperative party on the
inside, can be achieved a lot easier than by circumventing a firewall.

What most people are concerned about is abuse of company bandwidth. And
so such tunneling exploits are much of a concern. So you did manage to
tunnel your way to an external web proxy so you could browse
penthouse.com on company time - I'm still going to see that you've used
up a lot of bandwidth in the daily reports, and I can still ask you to
justify that, or start sniffing packets to see what you're up to.

If you're arguing that it's a way for someone to allow some external
party to break into the corporate network, again there is usually an
easier solution (like installing a wireless LAN card on an internal
host, or a modem that polls an external server, or something).

Put another way, I think these tunneling exploits are mostly of academic
interest. But I could be wrong.

-- 
Dr Graham Wheeler                        E-mail: [EMAIL PROTECTED]
Director, Research and Development       WWW:    http://www.cequrux.com
CEQURUX Technologies                     Phone:  +27(21)423-6065
Firewalls/VPN Specialists                Fax:    +27(21)424-3656
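Kriss's claim is that five queries a day are invisible to normal tools, and Graham's counter is that heavy use shows up in the daily bandwidth reports. As an added example (not code from either poster; the resolver log lines, hostnames and thresholds are constructed for illustration), this scores each query name by the length and entropy of its leftmost label rather than by volume, so a low-and-slow channel stands out even though the per-client daily counts look ordinary:

```python
import math
from collections import Counter

# Constructed resolver log (not from the thread): "date client qname".
# Client 10.0.0.5 sends only five queries a day, but each leftmost label
# is a 26-character encoded chunk under one registered domain.
SAMPLE_LOG = """\
2001-03-12 10.0.0.7 www.cequrux.com
2001-03-12 10.0.0.7 mail.example.net
2001-03-12 10.0.0.5 q3bzr7kxw2m9tap0lv6ncyg1sd.t.example.org
2001-03-12 10.0.0.5 8hj4kqz1vm3xr9cb6dw2ny5pta.t.example.org
2001-03-12 10.0.0.5 pz0mw7lcx4gk2rv9sb1jnhy6fq.t.example.org
2001-03-12 10.0.0.5 4gb9ktx2wz7mqr1lc8nd5fvyj0.t.example.org
2001-03-12 10.0.0.5 yc6rv1mq9tw3zk8lb2sn7gx0hd.t.example.org
2001-03-12 10.0.0.7 www.example.org
"""

def shannon_entropy(s):
    # Bits per character; random-looking base32/base64 chunks score high.
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values()) if s else 0.0

def registered_domain(qname):
    # Crude: last two labels (assumes no multi-label public suffixes in the sample).
    return ".".join(qname.lower().split(".")[-2:])

def payload_label(qname):
    # The leftmost label is where an encoded channel normally carries its data.
    return qname.lower().split(".")[0]

def is_suspicious(qname, min_len=20, min_entropy=3.5):
    label = payload_label(qname)
    return len(label) >= min_len and shannon_entropy(label) >= min_entropy

def daily_query_counts(log):
    """Per (date, client) query counts: roughly what a volume report shows."""
    counts = Counter()
    for line in log.splitlines():
        date, client, _ = line.split()
        counts[(date, client)] += 1
    return counts

def flag_tunnels(log, min_hits=3):
    """Return {(client, registered domain): hits} with at least min_hits suspicious names."""
    hits = Counter()
    for line in log.splitlines():
        _, client, qname = line.split()
        if is_suspicious(qname):
            hits[(client, registered_domain(qname))] += 1
    return {k: v for k, v in hits.items() if v >= min_hits}
```

The volume view gives 10.0.0.5 five queries against 10.0.0.7's three, which no daily report would flag; the per-name view attributes all five high-entropy labels to one client and one domain.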
